Field
The field relates to web browsers, web applications and online certificates.
Background
Certificates, such as public key and private key certificates, may be used to provide trusted Internet communications. However, certificates may expire or be revoked. Certain protocols, such as the Online Certificate Status Protocol (OCSP), may be used to obtain certificate status information, such as whether a certificate is valid or has been revoked.
A certificate is validated as not having been revoked by contacting a specified revocation server and checking whether the certificate appears in a certificate revocation list (CRL). Most implementations of certificate validation, such as those in current web browsers, “wait” to receive the certificate revocation status. Such implementations may give up after a certain period of time. This wait time can delay a user, causing discomfort. Worse yet, this wait time can undermine public key infrastructure (PKI) validation. An attacker with a revoked certificate can launch a denial-of-service attack against a revocation server and block visibility of a revocation.
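The wait-then-give-up behaviour described above, modelled as an added illustration that is not part of the original document. The stub responder, the serial numbers and the `hard_fail` switch are assumptions made for the example, as is the premise that a client which gives up goes on to accept the certificate.

```python
import concurrent.futures as cf
import time

# Constructed sample data: serials the stub revocation server lists as revoked.
REVOKED_SERIALS = {"0x1A2B"}

def stub_responder(serial, delay):
    """Hypothetical stand-in for a revocation server; delay models overload."""
    time.sleep(delay)
    return "revoked" if serial in REVOKED_SERIALS else "good"

def check_revocation(serial, delay, wait):
    """Query the responder but give up after `wait` seconds."""
    pool = cf.ThreadPoolExecutor(max_workers=1)
    future = pool.submit(stub_responder, serial, delay)
    try:
        return future.result(timeout=wait)
    except cf.TimeoutError:
        return "unknown"  # no status obtained within the wait time
    finally:
        pool.shutdown(wait=False)  # do not block the caller on the slow query

def accept_certificate(serial, delay, wait, hard_fail):
    """Return (accepted, seconds the user waited for the status)."""
    start = time.monotonic()
    status = check_revocation(serial, delay, wait)
    waited = time.monotonic() - start
    if status == "revoked":
        return False, waited
    if status == "unknown":
        # Assumed soft-fail policy: no answer is treated as "not revoked".
        # Hard-fail rejects instead, trading availability for assurance.
        return (not hard_fail), waited
    return True, waited

if __name__ == "__main__":
    cases = [
        ("responsive server, soft-fail", 0.0, 0.5, False),
        ("overloaded server, soft-fail", 0.3, 0.05, False),
        ("overloaded server, hard-fail", 0.3, 0.05, True),
    ]
    for label, delay, wait, hard_fail in cases:
        accepted, waited = accept_certificate("0x1A2B", delay, wait, hard_fail)
        print(f"{label}: accepted={accepted} waited={waited:.2f}s")
```

With the responder delayed past the wait time, the soft-fail client accepts the revoked serial, while the hard-fail client rejects it at the cost of failing whenever the server is unreachable.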